No more typing reviews! Try our Samantha, our new voice AI agent.

BMC Helix Cloud Security vs Rapid7 InsightCloudSec comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Cloud Security Posture Management (CSPM)
8th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
BMC Helix Cloud Security
Ranking in Cloud Security Posture Management (CSPM)
38th
Average Rating
8.0
Reviews Sentiment
7.5
Number of Reviews
5
Ranking in other categories
Cloud Workload Protection Platforms (CWPP) (26th)
Rapid7 InsightCloudSec
Ranking in Cloud Security Posture Management (CSPM)
13th
Average Rating
7.8
Reviews Sentiment
6.3
Number of Reviews
13
Ranking in other categories
Cloud Management (13th), Cloud-Native Application Protection Platforms (CNAPP) (11th), AI Observability (9th)
 

Mindshare comparison

As of July 2026, in the Cloud Security Posture Management (CSPM) category, the mindshare of Qualys TotalCloud is 1.8%, up from 1.2% compared to the previous year. The mindshare of BMC Helix Cloud Security is 0.9%, up from 0.3% compared to the previous year. The mindshare of Rapid7 InsightCloudSec is 1.3%, down from 1.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Cloud Security Posture Management (CSPM) Mindshare Distribution
ProductMindshare (%)
Qualys TotalCloud1.8%
Rapid7 InsightCloudSec1.3%
BMC Helix Cloud Security0.9%
Other96.0%
Cloud Security Posture Management (CSPM)
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
DG
Portfolio Manager/ Helix Administrator at Frontier Communications
A highly scalable and straightforward solution with a knowledgeable support team
We work on a third-party shared environment. It wouldn’t have been feasible for a smaller company. My company was actually the first one to do it. Just like any cloud security, it pays to do your research and have complimentary security involved. The product can’t be the be-all and end-all tool for your security. Overall, I rate the solution a nine out of ten.
Arun Babu - PeerSpot reviewer
SOC analyst at a media company with 1,001-5,000 employees
Daily endpoint monitoring has improved investigations and saved time but detection rules still need tuning
It is important to note that Rapid7 InsightCloudSec's features are not 100% precise, but I find about 70% of the time it is satisfactory. I would like to suggest that you improve it to be more precise, ideally making it 100% if possible. Some cases in Rapid7 InsightCloudSec indicate that the log is not enough, as they mostly just generate alerts, and the synchronization between data connectors is often problematic, particularly in terms of not being in sync always, especially between the AD and Rapid7 alerts, which generates numerous false positives. Additionally, the traditional rules should be updated, as this is a main point worth mentioning since we spend a lot of time fine-tuning these traditional rules. I suggest improving the legacy detection rules. If there are any authentication cases, such as impossible travel activity where a user has their SharePoint hosted in a different location, Rapid7 can often trigger alerts, creating confusion as we cannot fine-tune it properly. Another issue is with honeypot access. We sometimes lack necessary logs because Defender's advanced threat protection scanning gets detected as honeypot activity by Rapid7, leading to annoying and noisy alerts that we need to constantly close. If you can improve the traditional detection rules to reflect current detection rules, it would make it significantly easier for us to manage, as we constantly need to check legacy rules to update or possibly turn them off. Updating the legacy rules should be a priority.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The best feature would be the ability to create policies. It is easy to control and update policies as required."
"The scalability is good as well. I would rate it ten out of ten."
"Qualys TotalCloud is an excellent platform, and the beauty of the platform is that we can get all the vulnerabilities, see all the reports in a single dashboard, view them segregated, and easily learn about critical, high, and medium findings with appropriately provided remediation steps."
"TotalCloud provides the easiest and the best approach for cloud infrastructure management."
"Qualys TotalCloud has improved our security posture."
"Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution."
"The agent and agentless scanning in TotalCloud, particularly the FlexScan method, is incredibly valuable. With traditional scanning approaches, we had to give IP ranges and whitelist IPs. All that is now simplified. FlexScan requires minimal intervention, and after configuration, it automatically collects data and performs necessary scans."
"In my opinion, this is the best tool."
"It's also multi-cloud. You can look at several cloud providers: AWS, Azure, or GCP."
"With very minimal effort, you are able to have a cohesive view into your security posture on one or multiple cloud accounts, particularly if you are dealing with multicloud."
"The features that I've found most valuable are its container security aspect. I also like its vulnerability management tools."
"Role-based security is a valuable feature."
"The best feature is time to value. With very minimal effort, you are able to have a cohesive view into your security posture on one or multiple cloud accounts, particularly if you are dealing with multicloud. If you have Azure and AWS deployments, you might have multiple subscriptions in Azure and usually multiple accounts in AWS. You may even be doing some GCP work (around Google Cloud Platform). It's very difficult to manage a common set of policies, even less reporting, across multiple subscriptions, accounts, and cloud environments. What BMC Helix Cloud Security does is provide a unified view or single pane of glass as to your baseline. Then, it also facilitates the ability for Level 1 or 2 operations support to take action and report on security vulnerabilities."
"It is a good tool to make sure that your containers are safe and sound."
"Using this solution is an eye-opener; having that holistic view is the biggest eye-opener because you understand, from any of your connected cloud accounts, what your vulnerabilities are with it."
"The most valuable aspects of BMC Helix Cloud Security are its security features and regulatory compliance capabilities."
"Agentless scanning is a possible use with Rapid7 InsightCloudSec."
"I can confirm money and time savings with Rapid7 InsightCloudSec, as we can scan the entire IP range simultaneously instead of manually checking each asset for vulnerabilities, reducing the need for technicians to move around the organization and thus saving significant time."
"I find the security frameworks and security tools valuable. I think they're good in the infrastructure of the code security. They are also good at threat protection."
"It runs every hour and has been reliable since I started."
"ICSE is cheaper compared to other tools and has a pleasant user experience with good support."
"After implementing Rapid7 InsightCloudSec, we increased our CIS benchmark score from 48 to around 88 after addressing missing patches on some VM instances, indicating a significant positive impact."
"Since implementing Rapid7 InsightCloudSec, manual cloud security checks have been reduced by around forty to fifty percent, and mean time to resolve misconfigurations has dropped from several hours to under thirty minutes on average, significantly improving efficiency and client confidence."
"The best features Rapid7 InsightCloudSec offers include more automation remediation, compliance reporting for auditing, improvement on multi-cloud governance, and cost visibility, which really stand out to me."
 

Cons

"The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations. This shortcoming means we must rely on SCCM when any service stack updates or additional prerequisites are needed."
"The vulnerability part is good, but the policy compliance module needs improvement because it involves a lot of manual work. Specifically, the remediation part of the controls requires enhancements."
"Although TotalCloud is a helpful tool, some of its advanced features are still under development."
"Areas that need improvement in every solution include the remediation part. The remediation steps should be simple enough for everyone to understand."
"The response part of the Cloud Detection and Response (CDR) module can be improved."
"A feature improvement could be the inclusion of Windows OS support for container security, as it is currently only supported for Linux."
"The areas in the solution that have room for improvement include the UI/UX design, which should be improved, and they should integrate more artificial intelligence into the product."
"Their customer support needs improvement."
"I think its TOA interfaces are still not that comfortable. The UI could be more user-friendly, easier to use."
"The UI could be more user-friendly."
"We've had some with issues connectors. The connectors have seemed to have caused a little bit of trouble, perhaps with the APIs trying to scan the environment. The only time I've had to reach out to tech support was for that. It seems it may not have been scanning correctly or I wasn't seeing data within a specific time. But we've set up a couple of connectors in the past couple of weeks and they actually scanned the AWS environment and we had data within about 10 minutes. It's working a lot faster and I think they're making improvements as they go."
"We've had some issues with connectors; the connectors have seemed to cause a little bit of trouble, perhaps with the APIs trying to scan the environment."
"I want the role-based security feature to be improved."
"BMC Helix Cloud Security has room for improvement in terms of integrating its various features."
"The biggest challenge now, which is a good problem to have, with BMC Helix is content."
"Every organization out there doesn't rely on just one control body. They use FISMA control. They may use HIPAA, CIS, PCI, or SOX, then blend them. One of the things that is now in big demand for BMC Helix Cloud Security is content. That's the next journey in its lifespan, making it easier for the community to share and collaborate on content for security controls that can be measured and remediated."
"Rapid7 InsightCloudSec could be better at showing dashboards for virtual firewalls and appliances. Compared to other solutions like Palo Alto, this area is not as good. So, they should work on improving this for virtual devices."
"A couple of modules are missing when compared to other providers, specifically related to some IAM, and the login piece needs improvement."
"Rapid7 InsightCloudSec can be improved by seeing reductions and improvements in prioritization, tuning findings, suppressing low-value alerts, and better prioritizing the most critical risks."
"I'm not impressed with their support right now. Their support model is not really good."
"I currently do not have any specific suggestions for improvements, as I am still exploring the full capabilities of Rapid7 InsightCloudSec, but I wish the UI and UX for reporting could be more straightforward, simplifying the process of creating matrices and dashboards."
"For a first-time user who starts using Rapid7 InsightCloudSec, it is somewhat complicated to navigate through the UI and search for logs or vulnerabilities, so this is one aspect that could be improved."
"Improvements could include providing better human-readable report formats with thorough explanations of CVEs and threats, detailing what can be done to eliminate malicious activities."
"Rapid7 InsightCloudSec needs to provide more granular search capabilities, such as the ability to search back the last three months."
 

Pricing and Cost Advice

"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."
"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
"The cost is high, but it meets our organizational needs."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"Qualys TotalCloud is expensive."
"The pricing is based on an annual subscription, upfront, and it's based on cloud assets. Whether your assets are in Azure and AWS combined, the tool tells you how many assets are being scanned and that's the number used for pricing."
"It is a subscription model with term licensing that is usually yearly. This includes, not only the product, but support and maintenance. It is based on cloud assets. Therefore, if you have 100 cloud assets, those cloud assets are measured based on evaluation or transactions. For example, if I'm evaluating that cloud asset for CIS compliance, PCI compliance, and AWS best practices, that asset gets evaluated three times, as those are three transactions. However, the license model is based on peak asset usage. So, over a year, if you deploy 100, 1000, 500, and then 2000 assets, you will be charged for the 2000 peak of assets managed by Helix Cloud Security."
"We're doing an annual subscription. There are additional expenses, but not within the confines of this platform."
"Companies generally buy this tool because the pricing is not that high."
report
Use our free recommendation engine to learn which Cloud Security Posture Management (CSPM) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Construction Company
22%
Comms Service Provider
12%
Performing Arts
9%
Manufacturing Company
9%
Financial Services Firm
10%
Manufacturing Company
9%
Comms Service Provider
9%
Insurance Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
No data available
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise4
Large Enterprise8
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
Ask a question
Earn 20 points
What is your experience regarding pricing and costs for Rapid7 InsightCloudSec?
The pricing, setup cost, and licensing for Rapid7 InsightCloudSec are reasonable, and since our organization is growi...
What needs improvement with Rapid7 InsightCloudSec?
I would say that because Rapid7 InsightCloudSec does not have automatic patching capabilities, it provides recommenda...
What is your primary use case for Rapid7 InsightCloudSec?
In my role, my main use case for Rapid7 InsightCloudSec is for vulnerability management, where I scan my machines to ...
 

Also Known As

Qualys TotalCloud with FlexScan
TrueSight Cloud Security, SecOps Policy Service
DivvyCloud
 

Overview

 

Sample Customers

Information Not Available
NHS, Vodafone, Kansas City Life, SKY Italia, Cybera
Fannie Mae, 3M, PizzaHut, Spotify, Autodesk, Discovery
Find out what your peers are saying about BMC Helix Cloud Security vs. Rapid7 InsightCloudSec and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.